A reference to something should always be a JSON pointer and not a name (security scheme example) #26

arno-di-loreto · 2022-10-05T11:47:58Z

arno-di-loreto
Oct 5, 2022

In v3, some "reusable" elements are referenced by name instead of using a JSON pointer reference: security schemes (and their scopes), or tags for instance.

in v4, A JSON pointer reference should be the only way of referencing something:

that makes the spec consistent (always referring to a component in the same way)
allows defining locally some elements that weren't
allows referencing externally some elements that weren't

Here's how it would work for security schemes (did not yet looked how it would work for scopes):

v3

security:
  fooSecurity:
    # scheme usage + optional configuration
components:
  securitySchemes:
     fooSecurity:
     # scheme definition

V4 proposal

security:
  - securityScheme:
      $ref: '#/components/securitySchemes/fooSecurity' # security scheme could be defined locally
    securityRequirements: # just using the original object name, could be something else
      # scheme usage + optional configuration
components:
  securitySchemes:
     mySecurityScheme:
     # scheme definition

PS: Speaking of security, we could also have reusable securityRequirements (but that's another discussion)

jugaadi · 2022-10-05T16:13:52Z

jugaadi
Oct 5, 2022

Discriminator too?

2 replies

kevinswiber Oct 6, 2022

We should look at deprecating discriminator in favor of a built-in JSON Schema approach.

handrews Oct 6, 2022
Collaborator

propertyDependencies (which will be in the next JSON Schema release) solves most of discriminator. Some additional hinting is probably needed regarding the class name, as discriminator allowed that to diverge from the property value, but that's easily accomplished with annotations as part of a code gen library.

handrews · 2022-10-06T23:30:52Z

handrews
Oct 6, 2022
Collaborator

Note that there is a large conversation about referencing happening over at AsyncAPI, and while there are things involved there specific to AsyncAPI, it is very much relevant to OpenAPI (and JSON Schema) as well.

0 replies

handrews · 2023-01-10T19:37:05Z

handrews
Jan 10, 2023
Collaborator

Note that AsyncAPI is now fixing this for security schemes.

0 replies

handrews · 2024-02-11T20:43:34Z

handrews
Feb 11, 2024
Collaborator

We're now considering going in the other direction - things should be component names and not JSON Pointers (although within JSON Schema that will only change if JSON Schema does):

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A reference to something should always be a JSON pointer and not a name (security scheme example) #26

{{title}}

Replies: 4 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

A reference to something should always be a JSON pointer and not a name (security scheme example) #26

arno-di-loreto Oct 5, 2022

v3

V4 proposal

Replies: 4 comments · 2 replies

jugaadi Oct 5, 2022

kevinswiber Oct 6, 2022

handrews Oct 6, 2022 Collaborator

handrews Oct 6, 2022 Collaborator

handrews Jan 10, 2023 Collaborator

handrews Feb 11, 2024 Collaborator

arno-di-loreto
Oct 5, 2022

Replies: 4 comments 2 replies

jugaadi
Oct 5, 2022

handrews Oct 6, 2022
Collaborator

handrews
Oct 6, 2022
Collaborator

handrews
Jan 10, 2023
Collaborator

handrews
Feb 11, 2024
Collaborator